x86/irq: Ensure PI wakeup handler is unregistered before module unload

sean-jc · bonzini · commit 6ff53f6a438f · 2021-10-22T12:45:35.000-04:00
Add a synchronize_rcu() after clearing the posted interrupt wakeup handler to ensure all readers, i.e. in-flight IRQ handlers, see the new handler before returning to the caller. If the caller is an exiting module and is unregistering its handler, failure to wait could result in the IRQ handler jumping into an unloaded module. The registration path doesn't require synchronization, as it's the caller's responsibility to not generate interrupts it cares about until after its handler is registered. Fixes: f6b3c72 ("x86/irq: Define a global vector for VT-d Posted-Interrupts") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20211009001107.3936588-2-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
@@ -291,8 +291,10 @@ void kvm_set_posted_intr_wakeup_handler(void (*handler)(void))
 {
 	if (handler)
 		kvm_posted_intr_wakeup_handler = handler;
-	else
+	else {
 		kvm_posted_intr_wakeup_handler = dummy_handler;
+		synchronize_rcu();
+	}
 }
 EXPORT_SYMBOL_GPL(kvm_set_posted_intr_wakeup_handler);
 

Original file line number	Diff line number	Diff line change
`@@ -291,8 +291,10 @@ void kvm_set_posted_intr_wakeup_handler(void (*handler)(void))`
`291`	`291`	`{`
`292`	`292`	`if (handler)`
`293`	`293`	`kvm_posted_intr_wakeup_handler = handler;`
`294`		`- else`
	`294`	`+ else {`
`295`	`295`	`kvm_posted_intr_wakeup_handler = dummy_handler;`
	`296`	`+ synchronize_rcu();`
	`297`	`+ }`
`296`	`298`	`}`
`297`	`299`	`EXPORT_SYMBOL_GPL(kvm_set_posted_intr_wakeup_handler);`
`298`	`300`